[apparmor] [PATCH] security/apparmor: Use POSIX-compatible "printf '%s'"

2016-10-14 Thread Thomas Schneider
When using a strictly POSIX-compliant shell, "-n #define ..." gets
written into the file.  Use "printf '%s'" to avoid this.

Signed-off-by: Thomas Schneider 
---
 security/apparmor/Makefile | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/security/apparmor/Makefile b/security/apparmor/Makefile
index d693df8..8f575d1 100644
--- a/security/apparmor/Makefile
+++ b/security/apparmor/Makefile
@@ -20,7 +20,7 @@ cmd_make-caps = echo "static const char *const 
capability_names[] = {" > $@ ;\
sed $< >>$@ -r -n -e '/CAP_FS_MASK/d' \
-e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/[\2] = "\L\1",/p';\
echo "};" >> $@ ;\
-   echo -n '\#define AA_FS_CAPS_MASK "' >> $@ ;\
+   printf '%s' '\#define AA_FS_CAPS_MASK "' >> $@ ;\
sed $< -r -n -e '/CAP_FS_MASK/d' \
-e 's/^\#define[ \t]+CAP_([A-Z0-9_]+)[ \t]+([0-9]+)/\L\1/p' | \
 tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
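Review bot: The cmd_make-caps recipe is still not portable after this change, because the sed calls around the new printf line rely on GNU sed extensions: -r, \L in the replacement, and \n as a newline in sed -e 's/ $$/"\n/'. That is outside what this patch sets out to fix, but the commit message should say it only addresses the non-portable echo -n, so nobody reads it as making the rule POSIX-clean. The printf '%s' form itself is the right choice, since the string is passed as an argument and not as the format.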
@@ -56,7 +56,7 @@ cmd_make-rlim = echo "static const char *const 
rlim_names[RLIM_NLIMITS] = {" \
echo "static const int rlim_map[RLIM_NLIMITS] = {" >> $@ ;\
sed -r -n "s/^\# ?define[ \t]+(RLIMIT_[A-Z0-9_]+).*/\1,/p" $< >> $@ ;\
echo "};" >> $@ ; \
-   echo -n '\#define AA_FS_RLIMIT_MASK "' >> $@ ;\
+   printf '%s' '\#define AA_FS_RLIMIT_MASK "' >> $@ ;\
sed -r -n 's/^\# ?define[ \t]+RLIMIT_([A-Z0-9_]+).*/\L\1/p' $< | \
tr '\n' ' ' | sed -e 's/ $$/"\n/' >> $@
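Review bot: Nothing near the new printf line in cmd_make-rlim explains why it is not an echo like the neighbouring echo "};" >> $@ line, so a later cleanup could turn it back into echo -n. A one-line comment above the cmd_make-rlim definition (and the same above cmd_make-caps) noting that echo -n is not portable across /bin/sh implementations would prevent that. The remaining echo calls in this hunk take no options and no backslashes, so they do not need the same treatment.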
 
-- 
2.10.1


-- 
AppArmor mailing list
AppArmor@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/apparmor


Re: [apparmor] [patch] Drop seen_events counter from aa.py

2016-10-14 Thread Christian Boltz
Hello,

On Friday, 14 October 2016, 12:16:52 CEST, Steve Beattie wrote:
> On Fri, Oct 14, 2016 at 12:43:19AM +0200, Christian Boltz wrote:
> > seen_events is a global variable in aa.py that gets increased at
> > several places, but isn't used (read or printed) anywhere. Since I
> > can't imagine how it could become useful, simply drop it.
> 
> I've no problem dropping this variable if we're not using it anywhere.
> 
> That said, I know previously in the development of the perl version
> of the tools, there was some experimentation with showing things like
> progress bars or information like e.g. "37 of 146 pending rejections
> would be covered by adding this rule". I think there's a place for
> indicators that show contextual information about the current run of
> whatever tool is being used, and this variable may have been added
> as a data gathering element to support that.

That sounds like an interesting idea, but I doubt a simple counter (like 
the two I dropped) would provide this information ;-)

What you propose would be more or less easy when adding the specific rule 
type (like a file rule for file events) - we'd just need to check 
is_covered() of the pending file events [1]. Things become slightly more 
interesting (and possibly a bit slower) when counting for an include file 
because we'd need to check all event types, not only file events, and 
check against all rules in the include.

I'm not saying it's impossible, "just" more interesting ;-)

Feel free to open a feature request to make sure this idea doesn't get 
lost, but I probably don't need to mention that we have more urgent 
things on the TODO list ;-)


Regards,

Christian Boltz

[1] Currently we don't delete the events from the log queue because the
for loop makes sure to hit them only once, but that would be an easy 
fix.
-- 
> [qpopper] Yep. Setting it up takes 10 minutes at most. And it is absolutely
> low-maintenance. ;)
Hm... so what do you spend the last nine minutes on? Or is a 286 being
used here?  [> Michael Raab and Andreas Feile in suse-linux]

